README for sshsentry
====================
The purpose of sshsentry is to monitor the sshd logs, detect repeated failed
ssh login attempts and blacklist the hosts whence such attempts originate.

Installation from Source
------------------------
- Extract the tar.gz archive:
  tar xzvf sshsentry-*.tar.gz

- Change into the new directory:
  cd sshsentry-*

- Install sshsentry executable and initscript:
  make install

- If this is your first installation, install also the configuration files:
  make install_config

- Add the sshsentry initscript to the runlevels by executing one of the
  following commands:
  update-rc.d sshsentry defaults   (e.g. Debian)
  insserv -v sshsentry             (e.g. Debian, OpenSUSE)
  chkconfig -a sshsentry           (e.g. Debian, OpenSUSE)

Uninstallation from Source
--------------------------
- Uninstall executable, initscript and configuration files:
  make uninstall uninstall_config

- Remove the sshsentry initscript from the runlevels by executing one of the
  following commands:
  update-rc.d -f sshsentry remove   (z.B. Debian)
  insserv -v -r sshsentry           (z.B. Debian, OpenSUSE)
  chkconfig -d sshsentry            (z.B. Debian, OpenSUSE)

Configuration
-------------
The configuration file is stored at /etc/sshsentry.conf and mostly
self-explanatory.

Data Storage
------------
Collected information is stored at /var/lib/sshsentry/sshsentry.dat in a
human readable format. The file is read during startup and written once a day,
on SIGUSR1 or when sshsentry is stopped.

Ipset support
-------------
For ipset support see README.ipset.

Shorewall integration
---------------------
For integration into the Shorewall firewall see README.shorewall.

Debugging
---------
To run sshsentry in debug mode see README.debug.

Contact
-------
For feedback, bugs or suggestions please contact
Andreas Stempfhuber <andi@afulinux.de>
